<?php
/**
 * Return the CSRF token bound to the current session, minting one on first use.
 *
 * A session is started when none is active yet. If the session holds no
 * (non-empty) token, 64 bytes from the CSPRNG are hex-encoded (128 characters)
 * and stored under the 'csrf_token' key; later calls hand back the stored value.
 *
 * @return mixed the value stored in $_SESSION['csrf_token']
 */
function csrf_token() {
    // Only start a session when none exists, so an already-active one is left alone.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    $stored = $_SESSION['csrf_token'] ?? null;
    if (!empty($stored)) {
        return $stored;
    }

    // random_bytes() draws from the system CSPRNG, so the token is not guessable.
    $fresh = bin2hex(random_bytes(64));
    $_SESSION['csrf_token'] = $fresh;

    return $fresh;
}
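/**
 * Check the CSRF token submitted in the POST body against the session's token.
 *
 * Fails closed: returns false when the session token is missing or empty,
 * when the submitted field is missing or not a string, or when the two
 * differ. The comparison goes through hash_equals() so that timing does not
 * reveal how much of the token matched.
 *
 * This function does not start a session; it reads $_SESSION as it finds it,
 * so a request with no session token available is rejected.
 *
 * @return bool true only when the submitted token equals the session token
 */
function verify_csrf(): bool {
    $expected = $_SESSION['csrf_token'] ?? null;
    $submitted = $_POST['csrf_token'] ?? null;

    // hash_equals() accepts strings only. The POST field is attacker-controlled
    // and can arrive as an array (csrf_token[]=...), and the session entry may
    // be absent; reject those cases here instead of letting the call raise a
    // TypeError. An empty session token is refused so that an empty submitted
    // value can never match.
    if (!is_string($expected) || $expected === '' || !is_string($submitted)) {
        return false;
    }

    // Known value first, user-supplied value second.
    return hash_equals($expected, $submitted);
}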